cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
340
Views
0
Helpful
1
Replies
Highlighted
Beginner

SSO for SMA

Hello, We would like to get SSO working for logging into SMA. We currently have is setup for Spam Quarantine in SMA but would like to get it working for the Administrative side. I followed the instructions that were provided in Ver 13 for ESA SSO, changing the needed settings for SMA. But when attempting to get in, I get: Error — Authorization Failure! Please contact your administrator. Is SSO supported for admin logins to SMA? If so, ideas on what my issue could be? Thanks Doug

1 REPLY 1
Highlighted
Cisco Employee

Re: SSO for SMA

Hello Doug,

This error indicates authentication passed, but authorization failed at the SMA.
Focus on the settings within the Users > External Authentication > SAML.
Attribute Name, Group Name, and Group Mapping.

Also, in one of the similar issues, it was found that the problem was with the difference in the “Sign Assertion”.
Basically, the IdP was configured to retrieve only the ‘mail’ and ‘uid’ attributes, and none of them were matching the Group names on the SMA configuration.

I hope the above information might be helpful.

Cheers,
Pratham